-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, ok here is my question, I have 2 ISP''s connected to the firewall, and I already set up th routing tables, I have a 256k and a 1.5m connection, and I want a couple pcs from the internal network to masquerade through the 256k connection and the rest through the 1.5m connection, how do I setup this on shorewall??? I am not subscribed to the list, reply to me please!! Thanks!! Alberto Sierra -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQVw63wmpGfjIYnYTEQJ/rgCdFq9aPh8eBpCAh58PGjleFAelUDgAn2+A Xqv16aHiG+ZIDiK+/6SyC3Bq =rghi -----END PGP SIGNATURE-----
This would very probably be solved best by using a setup like Example 4 in the Masq rules file. I assume that you have your firewall''s external NIC aliased to one of the two public IPs you''re using. In that case, simply set up a rule along the lines of what you see below and segment your network appropriately. # Example 4: # # You want all outgoing traffic from 192.168.1.0/24 through # eth0 to use source address 206.124.146.176 which is NOT the # primary address of eth0. You want 206.124.146.176 added to # be added to eth0 with name eth0:0. # # eth0:0 192.168.1.0/24 206.124.146.176 On Thu, 30 Sep 2004 10:57:04 -0600, Alberto Sierra <asierra@amnet.co.cr> wrote:> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi!, ok here is my question, I have 2 ISP''s connected to the > firewall, and I already set up th routing tables, I have a 256k and a > 1.5m connection, and I want a couple pcs from the internal network to > masquerade through the 256k connection and the rest through the 1.5m > connection, how do I setup this on shorewall??? > I am not subscribed to the list, reply to me please!! Thanks!! > > Alberto Sierra > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQVw63wmpGfjIYnYTEQJ/rgCdFq9aPh8eBpCAh58PGjleFAelUDgAn2+A > Xqv16aHiG+ZIDiK+/6SyC3Bq > =rghi > -----END PGP SIGNATURE----- > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alberto Sierra wrote:> > Hi!, ok here is my question, I have 2 ISP''s connected to the > firewall, and I already set up th routing tables, I have a 256k and a > 1.5m connection, and I want a couple pcs from the internal network to > masquerade through the 256k connection and the rest through the 1.5m > connection, how do I setup this on shorewall??? > I am not subscribed to the list, reply to me please!! Thanks!!That isn''t a Shorewall problem, it is a routing problem. You have to arrange for the ''couple pcs'' to use the default route in the table associated with the 256k connection. The only Shorewall configuration required is shown in the answer to FAQ 32. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBXEm5O/MAbZfjDLIRAr3AAKCQ+eUE02jM5OdXg7XE9fzYJMSAaQCeNV+A l1RWw90fulJF938c162fO8c=s/a5 -----END PGP SIGNATURE-----